Using a non-default keychain in Xcode - iphone

How can I use a non-default keychain in an Xcode iPhone project?
I have already tried '--keychain mycerts.keychain' in 'Other Code Signing Flags' in 'Code signing' build settings.

After a long time of research, I concluded that it cannot be done.

The codesign tool requires an absolute path to the keychain.
Use an additional "Run Script Build Phase" to call the codesign tool with the custom keychain. The embedded script should look like:
codesign -s 'your-identity' --keychain "${SRCROOT}/path/to/keychain" "${TARGET_BUILD_DIR}/${WRAPPER_NAME}"

In the Build setting under Code Signing -> Other code signing Flags, create a flag "--keychain keychain-name.keychain"

While inconvenient, you can temporarily change your "default Keychain" to whichever keychain has your certificate/keys. Xcode will then search that keychain during code-signing. You can do this via Keychain Access.app or the security(1) command-line utility. You're responsible for unlocking said keychain yourself, however.

This problem can be solved by setting the keychain search list to include your keychain:
security list-keychains -s login.keychain mycerts.keychain etc.keychain
To view the active keychain search list, use the same command without the -s param:
security list-keychains
A great link for reference is here: https://ss64.com/osx/security-keychain.html
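Because `security list-keychains -s` replaces the whole search list, a build script should append to the current list rather than retype it. The script below is an added example, not code from any poster; the function names and the choice of the user domain (`-d user`) are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): extend the keychain search list instead
# of replacing it. `security list-keychains -s` overwrites the whole list.

# Convert `security list-keychains` output (indented, double-quoted paths)
# into bare paths, one per line. Reads stdin.
parse_keychain_list() {
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^$/d'
}

# Print the existing entries from stdin followed by $1, skipping duplicates.
merged_search_list() {
    parse_keychain_list | awk -v add="$1" '
        !seen[$0]++ { print }
        END { if (!(add in seen)) print add }'
}

# Apply the paths read from stdin as the user-domain search list.
apply_search_list() {
    set --
    while IFS= read -r kc; do set -- "$@" "$kc"; done
    # Refuse an empty list: `-s` with no arguments would clear the search list.
    [ "$#" -gt 0 ] || { echo "refusing to set an empty search list" >&2; return 1; }
    security list-keychains -d user -s "$@"
}

# Append keychain $1; pass the absolute path, the form `security` prints,
# so the duplicate check matches.
add_keychain() {
    security list-keychains -d user | merged_search_list "$1" | apply_search_list
}

# Re-apply a list saved earlier with: security list-keychains -d user > FILE
restore_search_list() {
    parse_keychain_list < "$1" | apply_search_list
}

# Usage: sh add-keychain.sh /absolute/path/to/mycerts.keychain
if [ "$#" -gt 0 ]; then
    add_keychain "$1"
fi
```

Save the current list to a file before a CI job and call restore_search_list afterwards so the signing keychain does not stay in the search path.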

Related

signpass error:Couldn't find an identity for pass.com.xxx.xxxx

I use the signpass from the Apple passbook demo passbook_materials to create a .pkpass file. I have created my pass type ID and changed the passTypeIdentity in the pass.json. When I execute ./signpass -p ./myPass in the terminal, it shows:
Couldn't find an identity for pass.com.xxx.xxx.
Does someone know this?
You need to install your certificate into your keychain (double clicking on the file downloaded from Apple will suffice). You need the Apple WWDR certificate installed in your keychain also. You also must make sure you set the teamIdentifier field in your pass.json to the correct value, not just the passTypeIdentifier field.
In my case, the passbook certificate was generated on another computer, so I had to export the private key into an 'xx.p12' file and install both the p12 file and the passbook certificate on my new Mac, and the problem went away.
You can also follow the step 1 in this document: tutorial
It was a very meticulous guide for the wallet certificate.

Code signing in project settings, target settings and re-signing after creating the archive

I have seen a few questions similar to this. So the target settings override the project settings. I got that, but if I don't want to override the project settings, is that what the "Don't Sign" option is for?
What am I supposed to do after archiving my app, when it asks if I want to re-sign it? If I have set the signing at the project or target level, should this be set to "Don't Sign"? What happens if I elect to re-sign it? Does the signing done during the previous archiving step get overridden and replaced with the new choice?
Can I look into an archive (.ipa) file and see what provisioning profile was used? I don't see the option in Finder to open it like I can open other bundles. How can I do this?
Just unzip the ipa (unzip appname.ipa) and do the following on the results:
codesign -dvv Payload/appname.app
It should show you the cert used.

Name of Provisioning Profile used to sign an iPhone app?

I wrote a script that uses xcodebuild to generate an AdHoc build of an iPhone application.
I would like to edit this script to output the name of the Provisioning Profile used to sign the build.
This would allow me to include the Provisioning Profile in the zip that is automatically generated. This way, I could automatically send the archive to the AdHoc testers and be sure that they have the right Provisioning Profile to install the app.
Is there any way to extract the Provisioning Profile name or file used to sign the application:
from the built and signed application
from the Xcode project (I don't want to manually parse the project.pbxproj file, as this solution might break in the next Xcode update)
any other way that is scriptable
Unforgiven suggested to use the command security to get the name of the certificate used to sign the app. Once you have this information, is there any way to then find the name of the Provisioning Profile?
Here is what I tried:
Sadly, the output of xcodebuild during the build does not contain this information. During the CodeSign step, there is the line:
/usr/bin/codesign -f -s "iPhone Distribution: My name" ...
but I can't match this with a certificate.
I looked into using codesign, and the command /usr/bin/codesign -d -vvv --entitlements - -r - /Users/lv/Desktop/TicTacBoo.app/TicTacBoo looked promising, but it doesn't give me the information I need.
I haven't found any useful option in xcodebuild either.
The provisioning profile is already in the application. You don't need another copy in your zip file (unless your testers do not understand how to use the copy inside of the application.)
It's named YourApplication.app/embedded.mobileprovision
This doesn't answer your question because the original filename is lost, however it does seem to solve your bigger problem.
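The answer above points at embedded.mobileprovision inside the bundle. As an added example (not code from any poster), this script prints that profile's Name and UUID fields; it assumes the plist is pretty-printed with each `<string>` on the line after its `<key>`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): report which provisioning profile is
# embedded in a built .app, using its Name and UUID fields.

# Print the plist carried inside a .mobileprovision file ($1).
profile_plist() {
    # On macOS, let security(1) decode the CMS envelope.
    if command -v security >/dev/null 2>&1 &&
        security cms -D -i "$1" 2>/dev/null; then
        return 0
    fi
    # Fallback: cut the cleartext XML out of the blob. Nothing is verified.
    LC_ALL=C sed -n '/<?xml/,/<\/plist>/p' "$1" |
        LC_ALL=C sed -e '1s/^.*<?xml/<?xml/' -e '$s/<\/plist>.*$/<\/plist>/'
}

# Print the <string> that follows the first <key>$1</key> in the plist on stdin.
# Assumes the value sits on the next line; XML entities are not decoded.
plist_string() {
    LC_ALL=C sed -n "/<key>$1<\/key>/{n;s/^[[:space:]]*<string>\(.*\)<\/string>.*$/\1/p;q;}"
}

# Print "Name (UUID)" for the profile embedded in the .app bundle at $1.
embedded_profile_id() {
    prof="$1/embedded.mobileprovision"
    [ -f "$prof" ] || { echo "no embedded.mobileprovision in $1" >&2; return 1; }
    plist=$(profile_plist "$prof")
    name=$(printf '%s\n' "$plist" | plist_string Name)
    uuid=$(printf '%s\n' "$plist" | plist_string UUID)
    [ -n "$name" ] && [ -n "$uuid" ] || { echo "Name/UUID not found" >&2; return 1; }
    printf '%s (%s)\n' "$name" "$uuid"
}

# Usage: sh profile-id.sh Payload/appname.app
if [ "$#" -gt 0 ]; then
    embedded_profile_id "$1"
fi
```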
You can use the "security" command from the terminal; unfortunately, at least on my MBP with Snow Leopard it appears to cause a segmentation fault in one of the commands you need to issue. For more information, issue from the terminal
man security
Anyway, here is what you can try, assuming your development/production certificates are stored in the login keychain:
security unlock-keychain login.keychain;
security find-certificate -a -c "iPhone Distribution: Your name" -p > cert.pem;
The second command causes the segmentation fault (caused by the -c argument), but it should be exactly what you need. Alternatively, you can use
security find-identity -p codesigning -v;
to get a list of all of the valid certificates you can use to code sign your applications.
For each certificate, the output also contains the SHA1 message digest, so that you can easily search the certificate in the keychain matching the SHA1 digest associated to "iPhone Distribution: Your name". This however, requires that you write your own application using the keychain APIs.
Let me know if this works on your mac or if you experience the same segmentation fault issue.
EDIT/UPDATE: I have verified the bug on other machines and filed a bug to Apple.
How about looking in the _CodeSignature/CodeResources plist file (of the built application) for files of type "mobileprovision"?
Here's a way to do that using defaults(1) to read the plist file. You have to copy the CodeResources file to something with the ".plist" suffix to keep defaults happy...
cp /build/Distribution-iphoneos/MyApp.app/_CodeSignature/CodeResources /tmp/defaults.plist
defaults read /tmp/defaults files |grep .mobileprovision |grep -v embedded.mobileprovision
(in my test case, there were 2 .mobileprovision entries there; ignore the one named "embedded.mobileprovision")

iPhone Xcode project.pbxproj + Subversion = code signing issue?

Trying to commit my first iPhone application to Subversion, I found that there's a "code signing identity" section in my Xcode project.pbxproj file.
CODE_SIGN_IDENTITY = "iPhone Developer: my username here...";
"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer: above...";
The issue is, in our team we use different provisioning which is bound to our devices. So when others want to run the code on a device, they have to change this line. We can share one provisioning across the team, but that way has several downsides. Is there any other way to solve it? I.e., include the code signing section in another file which is not committed to SVN?
As long as you have just one signing identity, you can just use "iPhone Developer" as your codesigning identity. Codesign will search for an identity containing "iPhone Developer" and use that.
You can base a project or target configuration on the contents of an xcconfig file that is not checked in to Subversion or is otherwise customized per developer. Add an appropriate xcconfig file to your project and then choose the file from the "Based On" pop-up at the bottom of the Build tab in the Project Info or Target Info window.
For example, you could have a DeveloperSettings.xcconfig file in the project whose contents on your system are:
CODE_SIGN_IDENTITY = "iPhone Developer: favoyang"
while its contents on my system are:
CODE_SIGN_IDENTITY = "iPhone Developer: cmh"
These settings will be inherited by either the project or target configuration that is set to be based on this file.
You can use $(USER) in your build setting definition to include your short user name.
For example:
CODE_SIGN_IDENTITY = "iPhone Developer: $(USER)";
That will use the contents of the USER environment variable in the definition of the CODE_SIGN_IDENTITY build setting.
The obvious choice would be to create other build configurations.
Why are you "changing this line" directly? You should almost never directly edit anything in the .xcodeproj file bundle.
Instead, you should be changing this within your build settings. To be more specific in your case, you need to add several more build configurations, one for each member of the team. That member can then build using their own provisioning file without messing with any other build settings.

Can you create per-user project settings in Xcode?

I'm collaborating on an iPhone application, with the project files (.xcodeproj directory) checked into source control. One important setting is the "Code Signing Identity", which specifies the certificates to use to sign the application in order that it can run on the iPhone.
Each developer on the project has his own Code Signing Identity, so whenever anyone makes a change to the project, his Code Signing Identity gets saved into the project settings, and then everyone else inherits that change. They then have to change that to their CSI before they can continue.
Is there a way to have the Code Signing Identity saved in some local per-user project file that doesn't get checked into source control?
You could base the Xcode project on an .xcconfig file, then make each developer use their own .xcconfig file and keep the identity setting in there.
Either that or have your source control system ignore the file that contains the signature. In Git you can create a file called .gitignore; there's probably a similar thing for what you are using. It means even though you've changed it, the change won't get mirrored.
I worked around this by making different builds. The one named "Dev - Rob" had my settings in it, and the one named "Dev - [Other Guy's Name]" had Other Guy's settings.
We also used this to make builds like "Release - Beta" and "Release - AppStore" etc., for all situations where we'd have different signing configurations.